Laws enabling the government and public bodies to collect and store data are frequently at odds with laws protecting privacy.

There is no consensus on the role of privacy in the UK's constitution and common law. Although the report released today describes any erosion of privacy as "weaken[ing] the constitutional foundations on which democracy and good governance have traditionally been based in this country", there has never been a general "right to privacy" in English law.

Since 2000 the Human Rights Act has provided protection for "private and family life", which includes the right to privacy. This right, which has never been clearly defined, is not absolute and the government may be able to justify interfering with it to the extent that to do so is in accordance with the law, pursues a legitimate aim, and is "necessary in a democratic society".

As a result any interference through surveillance and data collection has to be proportionate to its intended aim of preserving public safety, for example, or detecting crime.

Last year a landmark ruling by the European court of human rights suggested the government had got this balance wrong. The court held that indefinite retention of DNA data from people questioned by the police but never prosecuted, was a breach of their rights, and not proportionate to the government's stated aim of using such DNA data to solve crime.

Individuals are also protected under the Data Protection Act, which brought the UK into compliance with European law. The act requires all organisations which process personal data, including private firms, to comply with principles such as limiting their use of the data, and retaining it for no longer than is necessary.

The information commissioner, Richard Thomas, has the power to investigate and prosecute anyone committing an offence. Last year four police forces were found to be in breach of the Data Protection Act by storing criminal records which the information tribunal found were "no longer relevant".

One case was records held by West Midlands police on a man who, in 1978, then aged 16, had been caught cutting metal discs to the size of 1p and 10p pieces to use in a fairground slot machine.A set of records held by Humberside related to the theft of a packet of meat worth 99p by a then 16-year old. And Staffordshire police had maaintained a record of a 13-year old girl who had been cautioned for a minor assault, until her 100th birthday.

Another issue facing the commissioner is believed to be the increasing spread of technology used by private companies to obtain data, and which often makes it cheaper to retain data rather than delete it, even when it is no longer needed.

Police and security services are also governed by the Regulation of Investigatory Powers Act (Ripa), which regulates their use of covert surveillance data. Ripa provides a legal framework for the use of surveillance and data, such as intercept material, but has been criticised for lacking independent judicial oversight, and also for authorising local authorities to spy on residents for purposes ranging from the prevention of dog-fouling and fly-tipping to investigation of abuses of school-place applications.